view manifests/nodes.pp @ 331:f69e2d197302

Separate some certs to make migration easier. LetsEncrypt requires all domains on the cert to be accessible when renewing. If some migrated and some didn't then it won't work. Separating sites gives us more options for moving sites.
author IBBoard <dev@ibboard.co.uk>
date Sun, 08 Mar 2020 19:56:26 +0000
parents 63e0b5149cfb
children 60b13e6d83c5

# Node definition for clouduk.ibboard.co.uk.
# Everything is delegated to the ibboardvpsnode class; what that class does
# with these parameters (firewall rules, mail config) is defined outside this file.
node 'clouduk.ibboard.co.uk' {
	class { 'ibboardvpsnode':
		# Publicly routable IPv4 address passed as the node's primary address.
		primary_ip   => '213.229.111.243',
		firewall_cmd => 'iptables',
		mailserver   => 'mail.ibboard.co.uk',
		imapserver   => 'imap.ibboard.co.uk',
	}
}

# Node definition for cloudtest.ibboard.co.uk.
# Declares the ibboardvpsnode class with an RFC 1918 (private) primary address,
# so this host is not directly reachable from the internet at that IP.
node 'cloudtest.ibboard.co.uk' {
	class { 'ibboardvpsnode':
		primary_ip   => '192.168.1.78',
		firewall_cmd => 'iptables',
		mailserver   => 'mail.ibboard.co.uk',
		imapserver   => 'imap.ibboard.co.uk',
	}
}
# Node definition for ibbvps.vs.mythic-beasts.com.
# Unlike the other nodes its primary address is IPv6, and it adds a serial
# console service plus one extra SSH firewall rule on top of ibboardvpsnode.
node 'ibbvps.vs.mythic-beasts.com' {
	class { 'ibboardvpsnode':
		primary_ip           => '2a00:1098:82:52::1',
		proxy_4to6_ip_prefix => '2a00:1098:82:52::01d4', # ::old4 for IPv4!
		proxy_upstream       => ['2a00:1098::82:1000:3b:1:1', '2a00:1098::80:1000:3b:1:1'],
		nat64_ranges         => ['2a00:1098:0:80:1000:3a::/96', '2a00:1098:0:82:1000:3a::/96'],
		firewall_cmd         => 'iptables',
		mailserver           => 'mail.ibboard.co.uk',
		imapserver           => 'imap.ibboard.co.uk',
		mailrelays           => ['mx.mythic-beasts.com'],
	}

	# Keep a getty running on the first serial port (ttyS0) and enabled at boot.
	# If the console fails to start, you may need to run
	# "restorecon /etc/systemd/system/getty.target.wants/*"
	# to reset the SELinux context of the file.
	service { 'serial-getty@ttyS0':
		enable => 'true',
		ensure => 'running',
	}

	# Accept inbound SSH (tcp/22) from exactly one source address; no prefix
	# length is given, so the match is a single host rather than a range.
	# NOTE(review): the low 32 bits (5d5d:826a) would decode to 93.93.130.106 if
	# this is an IPv4-embedded address - presumably the IPv4-to-IPv6 proxy named
	# in the rule title; confirm the address is still the intended one.
	# NOTE(review): the source is IPv6 but no provider/protocol attribute is set
	# on this resource. If this is the puppetlabs-firewall type, an IPv6 rule
	# normally needs one unless a Firewall resource default exists elsewhere - confirm.
	firewall { '090 Allow SSH (IPv4-to-IPv6)':
		proto  => 'tcp',
		dport  => 22,
		source => '2a00:1098:0:82:1000:0:5d5d:826a',
		action => 'accept',
	}
}